Result:
found more than 505 distributions - search limited to the first 2001 files matching your query
( run in 1.029 )
Apache-Session-LDAP
view release on metacpan or search on metacpan
lib/Apache/Session/Store/LDAP.pm view on Meta::CPAN
}
}
# Bind with credentials
my $bind = $ldap->bind( $self->{args}->{ldapBindDN},
password => $self->{args}->{ldapBindPassword} );
if ( $bind->code ) {
$self->logError($bind);
return;
}
Apache-Session-MariaDB
view release on metacpan or search on metacpan
lib/Apache/Session/Store/MariaDB.pm view on Meta::CPAN
my $datasource = $session->{args}->{DataSource}
|| $Apache::Session::Store::MariaDB::DataSource;
my $username = $session->{args}->{UserName}
|| $Apache::Session::Store::MariaDB::UserName;
my $password = $session->{args}->{Password}
|| $Apache::Session::Store::MariaDB::Password;
$self->{dbh} = DBI->connect( $datasource, $username, $password, { RaiseError => 1, AutoCommit => 1 } )
|| die $DBI::errstr;
#If we open the connection, we close the connection
$self->{disconnect} = 1;
lib/Apache/Session/Store/MariaDB.pm view on Meta::CPAN
If you use some other command, ensure that there is a unique index on the
table's id column.
=head1 CONFIGURATION
The module must know what datasource, username, and password to use when
connecting to the database. These values can be set using the options hash
(see Apache::Session documentation). The options are:
=over 4
Apache-Session-MongoDB
view release on metacpan or search on metacpan
lib/Apache/Session/MongoDB.pm view on Meta::CPAN
my ( $self, $args ) = @_;
my $conn_args;
foreach my $w (
qw(host auth_mechanism auth_mechanism_properties bson_codec
connect_timeout_ms db_name heartbeat_frequency_ms j local_threshold_ms
max_time_ms password port read_pref_mode read_pref_tag_sets
replica_set_name server_selection_timeout_ms server_selection_try_once
socket_check_interval_ms socket_timeout_ms ssl username w wtimeout
read_concern_level)
)
{
lib/Apache/Session/MongoDB.pm view on Meta::CPAN
backing store and no locking.
=head1 PARAMETERS
You can set the followong parameters host, db_name, collection, auth_mechanism,
auth_mechanism_properties, connect_timeout_ms, ssl, username and password.
See L<MongoDB> for more
=head1 SEE ALSO
L<MongoDB>, L<Apache::Session>
Apache-Session-SQLite3
view release on metacpan or search on metacpan
lib/Apache/Session/Store/SQLite3.pm view on Meta::CPAN
return;
}
my $datasource = $session->{args}->{DataSource} || $DataSource;
my $username = $session->{args}->{UserName} || $UserName;
my $password = $session->{args}->{Password} || $Password;
$self->{dbh} = DBI->connect(
$datasource,
$username,
$password,
{ RaiseError => 1, AutoCommit => 1 }
) or die $DBI::errstr;
$self->{disconnect} = 1;
}
Apache-Session-Wrapper
view release on metacpan or search on metacpan
lib/Apache/Session/Wrapper.pm view on Meta::CPAN
user_name =>
{ type => UNDEF | SCALAR,
optional => 1,
descr => 'The user name to be used when connecting to a database' },
password =>
{ type => UNDEF | SCALAR,
default => undef,
descr => 'The password to be used when connecting to a database' },
table_name =>
{ type => UNDEF | SCALAR,
optional => 1,
descr => 'The table in which sessions are saved' },
lib/Apache/Session/Wrapper.pm view on Meta::CPAN
lock_user_name =>
{ type => UNDEF | SCALAR,
optional => 1,
descr => 'The user name to be used when connecting to a database' },
lock_password =>
{ type => UNDEF | SCALAR,
default => undef,
descr => 'The password to be used when connecting to a database' },
handle =>
{ type => OBJECT,
optional => 1,
descr => 'An existing database handle to use' },
lib/Apache/Session/Wrapper.pm view on Meta::CPAN
@ApacheSessionParams{ qw( Informix Oracle Sybase ) } =
( $ApacheSessionParams{Postgres} ) x 3;
my %OptionalApacheSessionParams =
( MySQL => [ [ qw( table_name password lock_password ) ] ],
Postgres => [ [ qw( table_name password ) ] ],
Informix => [ [ qw( table_name password ) ] ],
Oracle => [ [ qw( long_read_len table_name password ) ] ],
Sybase => [ [ qw( textsize table_name password ) ] ],
);
my %ApacheSessionFlexParams =
( store =>
{ MySQL => [ [ qw( data_source user_name ) ],
lib/Apache/Session/Wrapper.pm view on Meta::CPAN
=item * user_name => user name
Corresponds to the C<UserName> parameter passed to the DBI-related
session modules.
=item * password => password
Corresponds to the C<Password> parameter passed to the DBI-related
session modules. Defaults to undef.
=item * handle => DBI handle
lib/Apache/Session/Wrapper.pm view on Meta::CPAN
=item * lock_user_name => user name
Corresponds to the C<LockUserName> parameter passed to
C<Apache::Session::MySQL>.
=item * lock_password => password
Corresponds to the C<LockPassword> parameter passed to
C<Apache::Session::MySQL>. Defaults to undef.
=item * lock_handle => DBI handle
Apache-SessionManager
view release on metacpan or search on metacpan
SessionManager.pm view on Meta::CPAN
If you use MySQL for your datastore, you need to pass database connection
informations:
PerlSetVar SessionManagerStoreArgs "DataSource => dbi:mysql:sessions, \
UserName => user, \
Password => password"
Please see the documentation for store/lock modules in order to pass right
arguments.
=item C<SessionManagerItemExclude> string|regex
Apache-SiteControl
view release on metacpan or search on metacpan
lib/Apache/SiteControl/Radius.pm view on Meta::CPAN
sub check_credentials
{
my $r = shift; # Apache request object
my $username = shift;
my $password = shift;
my $host = $r->dir_config("RadiusSiteControlHost") || "localhost";
my $secret = $r->dir_config("RadiusSiteControlSecret") || "unknown";
my $radius;
# Get my IP address to pass as the
lib/Apache/SiteControl/Radius.pm view on Meta::CPAN
$radius = new Authen::Radius(Host => $host, Secret => $secret);
if(!$radius) {
$r->log_error("Could not contact radius server!");
return 0;
}
if($radius->check_pwd($username, $password, $nas_ip_address)) {
return 1;
}
$r->log_error("User $username failed authentication:" . $radius->strerror);
return 0;
}
Apache-Sling
view release on metacpan or search on metacpan
lib/Apache/Sling.pm view on Meta::CPAN
my $authn;
my $help;
my $log;
my $man;
my $number_forks = 1;
my $password;
my $url;
my $user;
my $verbose;
my $sling = {
lib/Apache/Sling.pm view on Meta::CPAN
Auth => $auth,
Authn => $authn,
Help => $help,
Log => $log,
Man => $man,
Pass => $password,
Threads => $number_forks,
URL => $url,
User => $user,
Verbose => $verbose
};
Apache-Solr
view release on metacpan or search on metacpan
lib/Apache/Solr/Tables.pm view on Meta::CPAN
hl.usePhraseHighlighter 1.3
literalsOverride 4.0
mlt.fl 1.3
pageDoc 4.0
pageScore 4.0
passwordsFile 4.0
qs 1.3
resourse.password 4.0
shards 3.1
shards.qt 3.1
spellcheck.accuracy 3.1
spellcheck.collate 3.1
spellcheck.maxCollations 3.1
Apache-Sybase-CTlib
view release on metacpan or search on metacpan
=head1 SYNOPSIS
use Apache::Sybase::CTlib2;
Apache::Sybase::CTlib2->connect_on_init("user", "password", "server", "db");
=head1 DESCRIPTION
This module allows Apache/Modperl/Sybperl users to connect to sybase data servers, and maintain persistant connections. The advantage should be clear, as this avoids the overhead of creating a connection, gathering data, and then destroying the conne...
In /apache/startup.pl
use Apache::Sybase::CTlib2;
Apache::Sybase::CTlib2->connect_on_init("user", "password", "server", "db");
Passing db (database name) to the module will allow you to specify a database to start in (the module will execute "use database" after the connection is established). This is an optional parameter.
=head1 AUTHOR
Apache-TS-AdminClient
view release on metacpan or search on metacpan
lib/Apache/TS/AdminClient.pm view on Meta::CPAN
The Apache Traffic Server Administration Manual will explain what these strings represent. (http://trafficserver.apache.org/docs/)
proxy.config.accept_threads
proxy.config.task_threads
proxy.config.admin.access_control_file
proxy.config.admin.admin_password
proxy.config.admin.admin_user
proxy.config.admin.advanced_ui
proxy.config.admin.autoconf.localhost_only
proxy.config.admin.autoconf.pac_filename
proxy.config.admin.autoconf_port
Apache-Test
view release on metacpan or search on metacpan
lib/Apache/TestBuild.pm view on Meta::CPAN
#XXX do something better than doesn't require prompt if
#we already have an entry in ~/.cvspass
#$self->cvs('login');
warning "may need to run the following command ",
"(password is 'anoncvs')";
warning "cvs -d $self->{cvsroot} login";
}
}
if (-d $dir) {
Apache-UploadSvr
view release on metacpan or search on metacpan
lib/Apache/UploadSvr.pm view on Meta::CPAN
PerlSetVar Auth_DBI_data_source dbi:mSQL:authen
PerlSetVar Auth_DBI_pwd_table usertable
PerlSetVar Auth_DBI_grp_table grouptable
PerlSetVar Auth_DBI_uid_field user
PerlSetVar Auth_DBI_grp_field group
PerlSetVar Auth_DBI_pwd_field password
PerlSetVar stageuri /STAGE
PerlSetVar Apache_UploadSvr_Usermgr "Apache::UploadSvr::User"
PerlSetVar Apache_UploadSvr_myuri /perl/user/up
PerlSetVar Apache_UploadSvr_transdir /usr/local/apache/trans
PerlSetVar Apache_UploadSvr_trashdir /usr/local/apache/trash
Apache-Voodoo
view release on metacpan or search on metacpan
lib/Apache/Voodoo/Application/ConfigParser.pm view on Meta::CPAN
$_->{'extra'}->{HandleError} = Exception::Class::DBI->handler;
[
$_->{'connect'},
$_->{'username'},
$_->{'password'},
$_->{'extra'}
]
} @{$db}
];
}
Apache-WAP-MailPeek
view release on metacpan or search on metacpan
MailPeek.pm view on Meta::CPAN
my @msgnos = ();
my %params = $r->method eq 'POST' ? $r->content : $r->args;
Mail::Cclient::set_callback
login => sub {
return $params{'username'}, $params{'password'}
},
searched => sub {
push (@msgnos, $_[1]);
},
log => sub { print @_ }, dlog => sub { print @_};
Apache-Wombat
view release on metacpan or search on metacpan
conf/server.xml.PL view on Meta::CPAN
driverName="mysql"
connectionName="test"
connectionPassword="test"
connectionURL="database=test"
roleNameCol="rolename"
userCredCol="password"
userNameCol="username"
userRoleTable="user_roles"
userTable="users"/>
-->
Apache-Wyrd
view release on metacpan or search on metacpan
Wyrd/DBL.pm view on Meta::CPAN
=item database
database name (to connect to)
=item db_password
database password
=item db_username
database user name
Wyrd/DBL.pm view on Meta::CPAN
base_class
blksize
blocks
ctime
database
db_password
db_username
dba
dev
file_path
gid
Wyrd/DBL.pm view on Meta::CPAN
sub dbh {
my ($self) = shift;
my $dba = $self->{'dba'};
my $db = $self->{'database'};
my $uname = $self->{'db_username'};
my $pw = $self->{'db_password'};
my $dbh = $self->_init_db($dba, $db, $uname, $pw);
return $dbh if ($dbh);
$self->log_bug('dbh was requested from DBL but no database could be initialized');
return;
}
Wyrd/DBL.pm view on Meta::CPAN
=pod
=item (internal) C<_init_db> (scalar, scalar, scalar, scalar);
open the DB connection. Accepts a database type, a database name, a username,
and a password. Defaults to a mysql database. Sets the dbh parameter and the
dbh_ok parameter if the database connection was successful. Meant to be called
from C<dbh>. As of version 0.97 calls connect_cached instead of attempting to
maintain a cached connection itself.
=cut
Apache-iNcom
view release on metacpan or search on metacpan
lib/Apache/Session/DBIBase64Store.pm view on Meta::CPAN
my $dbh = $session->{args}{dbh} || $self->{dbh};
unless ( $dbh ) {
my $dsn = $session->{args}{DataSource};
my $username = $session->{args}{UserName};
my $password = $session->{args}{Password};
die "No opened database connection and no DSN\n" unless $dsn;
$dbh = DBI->connect( $dsn, $username, $password, { AutoCommit => 0,
RaiseError => 1,
} );
# Save it for future use
$self->{dbh} = $dbh;
Apache2-API
view release on metacpan or search on metacpan
lib/Apache2/API/Request.pm view on Meta::CPAN
return( $self->{_server_version} );
}
return( '' );
}
# e.g. set_basic_credentials( $user, $password );
sub set_basic_credentials { return( shift->_try( 'request', 'set_basic_credentials', @_ ) ); }
# set_handlers( PerlCleanupHandler => [] );
# $ok = $r->set_handlers($hook_name => \&handler);
# $ok = $r->set_handlers($hook_name => ['Foo::Bar::handler', \&handler2]);
lib/Apache2/API/Request.pm view on Meta::CPAN
my $port = $req->server_port;
my $proto = $req->server_protocol;
my $sig = $req->server_signature;
my $software = $req->server_software;
my $vers = $req->server_version;
$req->set_basic_credentials( $user => $password );
$req->set_handlers( $name => $code_ref );
my $data = $req->slurp_filename;
# Apache2::Connection object
my $socket = $req->socket;
my $status = $req->status;
lib/Apache2/API/Request.pm view on Meta::CPAN
=over 4
=item 1. the value of an Apache constant
This would be C<Apache2::Const::OK> if the password value is set (and assured a correct value in L</user>); otherwise it returns an error code, either C<Apache2::Const::HTTP_INTERNAL_SERVER_ERROR> if things are really confused, C<Apache2::Const::HTTP...
=item 2. the password as set in the headers (decoded)
=back
Note that if C<AuthType> is not set, L<Apache2::Access/get_basic_auth_pw> first sets it to C<Basic>.
lib/Apache2/API/Request.pm view on Meta::CPAN
It returns the version found as a L<version> object, or an empty string if nothing could be found.
=head2 set_basic_credentials
Provided with a user name and a password, this populates the incoming request headers table (C<headers_in>) with authentication headers for Basic Authorization as if the client has submitted those in first place:
$req->set_basic_credentials( $username, $password );
See L<Apache2::RequestUtil> for more information.
=head2 set_handlers
Apache2-ASP
view release on metacpan or search on metacpan
lib/Apache2/ASP/API.pm view on Meta::CPAN
my $api = Apache2::ASP::API->new();
my $res = $api->ua->post("/handlers/user.login", {
user_email => $email,
user_password => $password,
});
# Assuming $Session->{user} is set upon successful login:
unless( $api->session->{user} )
{
lib/Apache2/ASP/API.pm view on Meta::CPAN
use warnings 'all';
use base 'Apache2::ASP::API';
sub login
{
my ($s, $email, $password) = @_;
my $res = $s->ua->post("/handlers/user.login", {
user_email => $email,
user_password => $password
});
# Assuming $Session->{user} is set upon successful login:
unless( $api->session->{user} )
{
Apache2-AUS
view release on metacpan or search on metacpan
lib/Apache2/AUS.pm view on Meta::CPAN
my $go_error = $table->{go_error} || $go;
if($table->{logout}) {
$session->logout;
return go($r, $go);
} elsif($table->{user} && $table->{password}) {
my $user = eval { $session->login(@$table{'user','password'}); };
my $err = $@;
$session->_set_status($session->STATUS_MODIFIED);
$session->flush;
if($err) {
auth_failure($r, $err);
lib/Apache2/AUS.pm view on Meta::CPAN
} else {
$r->user($user->{id});
return go($r, $go);
}
} else {
$r->subprocess_env('Username or password not specified.');
return go($r, $go_error);
}
}
sub Authen {
lib/Apache2/AUS.pm view on Meta::CPAN
=item Response
In Apache2::AUS, the C<Response> handler is responsible for logging the user
in. This handler will read any GET / POST arguments (via
L<Apache2::Request|Apache2::Request> so other handlers can use them later).
If "user" and "password" are supplied, a login will be attempted under that
user id. If "logout" is supplied, any logged-in user will be logged out.
If the login was unsuccessful, the AUS_AUTH_FAILURE environment
variable will be set to a string containing the reason why.
Apache2-AuthAny
view release on metacpan or search on metacpan
lib/Apache2/AuthAny/DB.pm view on Meta::CPAN
my $self = {};
unless ($dbHandle) {
my $dbUser = $ENV{AUTH_ANY_DB_USER} || die "Env variable AUTH_ANY_DB_USER required";
my $dbPasswordFile = $ENV{AUTH_ANY_DB_PW_FILE} || die "Env variable AUTH_ANY_DB_PW_FILE required";
open(PWD, "<$dbPasswordFile") || die "Could not read password file, '$dbPasswordFile'. $!";
my $dbPassword = <PWD>;
close(PWD) || die "ouch $!";
chomp $dbPassword; #remove the trailing new line
die "Could not get password" unless $dbPassword;
my $dbName = $ENV{AUTH_ANY_DB_NAME} || die "Env variable AUTH_ANY_DB_NAME required";
my $db;
$db = $ENV{AUTH_ANY_DB} || "mysql";
my $dsn = "database=$dbName";
my $dbHost = $ENV{AUTH_ANY_DB_HOST};
lib/Apache2/AuthAny/DB.pm view on Meta::CPAN
sub getBasicUser {
my $self = shift;
my ($user) = @_;
my $sql = 'select user, password from basicAuth WHERE user = ?';
$self->useDB();
return $dbHandle->selectrow_hashref($sql, undef, $user);
}
Apache2-AuthCAS
view release on metacpan or search on metacpan
lib/Apache2/AuthCAS/Configuration.pm view on Meta::CPAN
{ cmd_data => 'DbDriver', err_append => 'driver', },
{ cmd_data => 'DbDataSource', err_append => 'string', },
{ cmd_data => 'DbSessionTable', err_append => 'session_table', },
{ cmd_data => 'DbUser', err_append => 'username', },
{ cmd_data => 'DbPass', err_append => 'password', },
);
foreach my $directive (@directives)
{
$directive->{"name"} = "CAS" . $directive->{"cmd_data"};
Apache2-AuthCASSimple
view release on metacpan or search on metacpan
lib/Apache2/AuthCASSimple.pm view on Meta::CPAN
Apache2::AuthCASSimple - Apache2 module to authentificate through a CAS server
=head1 DESCRIPTION
Apache2::AuthCASSimple is an authentication module for Apache2/mod_perl2. It allow you to authentificate users through a Yale CAS server. It means you don't need to give login/password if you've already be authentificate by the CAS server, only ticke...
This module allow the use of simple text files for sessions.
=head1 SYNOPSIS
Apache2-AuthCASpbh
view release on metacpan or search on metacpan
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
Apache2-AuthColloquy
view release on metacpan or search on metacpan
lib/Apache2/AuthColloquy.pm view on Meta::CPAN
# Handles Apache requests
sub handler {
my $r = shift;
my ($result, $password) = $r->get_basic_auth_pw;
return $result if $result;
my $user = $r->user;
my $users_lua = $r->dir_config('users_lua') || '/usr/local/colloquy/data';
my $allowaltauth = $r->dir_config('AllowAlternateAuth') || 'no';
lib/Apache2/AuthColloquy.pm view on Meta::CPAN
"user $user: invalid username contains disallowed characters ",
$r->uri);
return (lc($allowaltauth) eq "yes" ? Apache2::Const::DECLINED : Apache2::Const::HTTP_UNAUTHORIZED);
}
# Check we have a password
unless (length($password)) {
$r->note_basic_auth_failure;
$r->log_error("user $user: no password supplied for URI ", $r->uri);
return Apache2::Const::HTTP_UNAUTHORIZED;
}
# Read the database
my $users = {};
lib/Apache2/AuthColloquy.pm view on Meta::CPAN
$r->uri);
return (lc($allowaltauth) eq "yes" ? Apache2::Const::DECLINED : Apache2::Const::HTTP_UNAUTHORIZED);
}
# Check we have found that user
unless (exists $users->{"$user"}->{password2} || exists $users->{"$user"}->{password}) {
$r->note_basic_auth_failure;
$r->log_error(
"user $user: no valid user found for URI ",
$r->uri);
return (lc($allowaltauth) eq "yes" ? Apache2::Const::DECLINED : Apache2::Const::HTTP_UNAUTHORIZED);
}
# Now check the password
my $db_password_hash = $users->{"$user"}->{password2} || $users->{"$user"}->{password} || '_no_db_passd_';
my $our_password_hash = MD5->hexhash("$user$password") || '_no_usr_passd_';
if ($our_password_hash eq $db_password_hash) {
return Apache2::Const::OK;
} else {
$r->log_error(
"user $user: invalid password for URI ",
$r->uri);
return (lc($allowaltauth) eq "yes" ? Apache2::Const::DECLINED : Apache2::Const::HTTP_UNAUTHORIZED);
}
# Otherwise fail
lib/Apache2/AuthColloquy.pm view on Meta::CPAN
=head1 DESCRIPTION
Apache2::AuthColloquy is an Apache 2 authentication module. It will
authenticate against a Colloquy users.lua user database file using
the newer password2 field.
This script munges the users.lua file in to executable perl code
which is then evaluated. It should therefore be used with caution
if you cannot gaurentee the integrity of the users.lua file. See
Colloquy::Data for more details.
Apache2-AuthCookieDBI
view release on metacpan or search on metacpan
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
PerlSetVar WhatEverDBI_DSN "DBI:mysql:database=test"
PerlSetVar WhatEverDBI_SecretKey "489e5eaad8b3208f9ad8792ef4afca73598ae666b0206a9c92ac877e73ce835c"
# These are optional, the module sets sensible defaults.
PerlSetVar WhatEverDBI_User "nobody"
PerlSetVar WhatEverDBI_Password "password"
PerlSetVar WhatEverDBI_UsersTable "users"
PerlSetVar WhatEverDBI_UserField "user"
PerlSetVar WhatEverDBI_PasswordField "password"
PerlSetVar WhatEverDBI_UserActiveField "" # Default is skip this feature
PerlSetVar WhatEverDBI_CryptType "none"
PerlSetVar WhatEverDBI_GroupsTable "groups"
PerlSetVar WhatEverDBI_GroupField "grp"
PerlSetVar WhatEverDBI_GroupUserField "user"
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
=head1 DESCRIPTION
This module is an authentication handler that uses the basic mechanism provided
by Apache2::AuthCookie with a DBI database for ticket-based protection. It
is based on two tokens being provided, a username and password, which can
be any strings (there are no illegal characters for either). The username is
used to set the remote user as if Basic Authentication was used.
On an attempt to access a protected location without a valid cookie being
provided, the module prints an HTML login form (produced by a CGI or any
other handler; this can be a static file if you want to always send people
to the same entry page when they log in). This login form has fields for
username and password. On submitting it, the username and password are looked
up in the DBI database. The supplied password is checked against the password
in the database; the password in the database can be plaintext, or a crypt()
or md5_hex() checksum of the password. If this succeeds, the user is issued
a ticket. This ticket contains the username, an issue time, an expire time,
and an MD5 checksum of those and a secret key for the server. It can
optionally be encrypted before returning it to the client in the cookie;
encryption is only useful for preventing the client from seeing the expire
time. If you wish to protect passwords in transport, use an SSL-encrypted
connection. The ticket is given in a cookie that the browser stores.
After a login the user is redirected to the location they originally wished
to view (or to a fixed page if the login "script" was really a static file).
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
DBI_SecretKey => undef,
DBI_User => undef,
DBI_Password => undef,
DBI_UsersTable => 'users',
DBI_UserField => 'user',
DBI_PasswordField => 'password',
DBI_UserActiveField => EMPTY_STRING, # Default is don't use this feature
DBI_CryptType => 'none',
DBI_GroupsTable => 'groups',
DBI_GroupField => 'grp',
DBI_GroupUserField => 'user',
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
# If we used encryption we need to pull in Crypt::CBC.
if ( $c{'DBI_EncryptionType'} ne 'none' ) {
require Crypt::CBC;
}
# Compile module for password encryption, if needed.
if ( $c{'DBI_CryptType'} =~ /^sha/ ) {
require Digest::SHA;
}
return %c;
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
The user to log into the database as. This is not required and
defaults to undef.
=item C<WhatEverDBI_Password>
The password to use to access the database. This is not required
and defaults to undef.
Make sure that the Perl environment variables are
not publically available, for example via the /perl-status handler since the
password could be exposed.
=item C<WhatEverDBI_UsersTable>
The table that user names and passwords are stored in. This is not
required and defaults to 'users'.
=item C<WhatEverDBI_UserField>
The field in the above table that has the user name. This is not
required and defaults to 'user'.
=item C<WhatEverDBI_PasswordField>
The field in the above table that has the password. This is not
required and defaults to 'password'.
=item C<WhatEverDBI_UserActiveField>
The field in the users' table that has a value indicating if the users' account
is "active". This is optional and the default is to not use this field.
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
values. The I<user_is_active> class method exposes this setting (and may be
overidden in a subclass.)
=item C<WhatEverDBI_CryptType>
What kind of hashing is used on the password field in the database. This can
be 'none', 'crypt', 'md5', 'sha256', 'sha384', or 'sha512'.
C<md5> will use Digest::MD5::md5hex() and C<sha...> will use
Digest::SHA::sha{n}_hex().
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
=item C<WhatEverDBI_EncryptionType>
What kind of encryption to use to prevent the user from looking at the fields
in the ticket we give them. This is almost completely useless, so don't
switch it on unless you really know you need it. It does not provide any
protection of the password in transport; use SSL for that. It can be 'none',
'des', 'idea', 'blowfish', or 'blowfish_pp'.
This is not required and defaults to 'none'.
=item C<WhatEverDBI_SessionLifetime>
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
sub _now_year_month_day_hour_minute_second {
return sprintf '%04d-%02d-%02d-%02d-%02d-%02d', Today_and_Now;
}
sub _check_password {
my ( $class, $password, $crypted_password, $crypt_type ) = @_;
return
if not $crypted_password
; # https://rt.cpan.org/Public/Bug/Display.html?id=62470
my %password_checker = (
'none' => sub { return $password eq $crypted_password; },
'crypt' => sub {
return crypt( $password, $crypted_password ) eq $crypted_password;
},
'md5' => sub { return md5_hex($password) eq $crypted_password; },
'sha256' => sub {
return Digest::SHA::sha256_hex($password) eq $crypted_password;
},
'sha384' => sub {
return Digest::SHA::sha384_hex($password) eq $crypted_password;
},
'sha512' => sub {
return Digest::SHA::sha512_hex($password) eq $crypted_password;
},
);
return $password_checker{$crypt_type}->();
}
#-------------------------------------------------------------------------------
# _percent_encode -- Percent-encode (like URI encoding) any non-alphanumberics
# in the supplied string.
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
my %c = $config_hash ? %$config_hash : $class->_dbi_config_vars($r);
my $auth_name = $r->auth_name;
# get the crypted password from the users database for this user.
my $dbh = DBI->connect_cached( $c{'DBI_DSN'}, $c{'DBI_User'},
$c{'DBI_Password'} );
if ( defined $dbh ) {
my $info_message
= "${class}\tconnect to $c{'DBI_DSN'} for auth realm $auth_name";
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
return;
}
}
#-------------------------------------------------------------------------------
# _get_crypted_password -- Get the users' password from the database.
sub _get_crypted_password {
my ( $class, $r, $user, $config_hash ) = @_;
my %c = $config_hash ? %$config_hash : $class->_dbi_config_vars($r);
my $dbh = $class->_dbi_connect($r, \%c) || return;
my $auth_name = $r->auth_name;
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
$class->logger( $r, Apache2::Const::LOG_NOTICE, $message, $user,
LOG_TYPE_AUTH, $r->uri );
return;
}
my $crypted_password = EMPTY_STRING;
my $PasswordField = $dbh->quote_identifier($c{'DBI_PasswordField'});
my $UsersTable = $dbh->quote_identifier($c{'DBI_UsersTable'});
my $UserField = $dbh->quote_identifier($c{'DBI_UserField'});
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
$class->logger( $r, Apache2::Const::LOG_ERR, $message, $user,
LOG_TYPE_AUTH, $r->uri );
return;
}
$sth->execute($user);
($crypted_password) = $sth->fetchrow_array();
$sth->finish();
if ( _is_empty($crypted_password) ) {
my $message
= "${class}\tCould not select password using SQL query '$sql_query'";
$class->logger( $r, Apache2::Const::LOG_ERR, $message, $user,
LOG_TYPE_AUTH, $r->uri );
return;
}
return $crypted_password;
}
#-------------------------------------------------------------------------------
# _prepare_group_query -- Prepare the database query used to determine whether
# the authenticated user is a member of a group.
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
#===============================================================================
# P U B L I C F U N C T I O N S
#===============================================================================
sub extra_session_info {
my ( $class, $r, $user, $password, @extra_data ) = @_;
return EMPTY_STRING;
}
sub authen_cred {
my ( $class, $r, $user, $password, @extra_data ) = @_;
my $auth_name = $r->auth_name;
( $user, $password ) = _defined_or_empty( $user, $password );
if ( !length $user ) {
my $message
= "${class}\tno username supplied for auth realm $auth_name";
$class->logger( $r, Apache2::Const::LOG_NOTICE, $message, $user,
LOG_TYPE_AUTH, $r->uri );
return;
}
if ( !length $password ) {
my $message
= "${class}\tno password supplied for auth realm $auth_name";
$class->logger( $r, Apache2::Const::LOG_NOTICE, $message, $user,
LOG_TYPE_AUTH, $r->uri );
return;
}
# get the configuration information.
my %c = $class->_dbi_config_vars($r);
# get the crypted password from the users database for this user.
my $crypted_password = $class->_get_crypted_password( $r, $user, \%c );
return unless ( defined $crypted_password );
# now return unless the passwords match.
my $crypt_type = lc $c{'DBI_CryptType'};
if ( !$class->_check_password( $password, $crypted_password, $crypt_type ) )
{
my $message
= "${class}\tcrypt_type: '$crypt_type' - passwords didn't match for user '$user' for auth realm $auth_name";
$class->logger( $r, Apache2::Const::LOG_NOTICE, $message, $user,
LOG_TYPE_AUTH, $r->uri );
return;
}
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
# time and the session id (if any) together to make the public part
# of the session key:
my $current_time = _now_year_month_day_hour_minute_second;
my $public_part = "$enc_user:$current_time:$expire_time:$session_id";
$public_part
.= $class->extra_session_info( $r, $user, $password, @extra_data );
# Now we calculate the hash of this and the secret key and then
# calculate the hash of *that* and the secret key again.
my $secretkey = $c{'DBI_SecretKey'};
if ( !defined $secretkey ) {
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
You can subclass this module to override public functions and change
their behaviour.
=head1 CLASS METHODS
=head2 authen_cred($r, $user, $password, @extra_data)
Take the credentials for a user and check that they match; if so, return
a new session key for this user that can be stored in the cookie.
If there is a problem, return a bogus session key.
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
=head2 decrypt_session_key($r, $encryptiontype, $encrypted_session_key, $secret_key)
Returns the decrypted session key or false on failure.
=head2 extra_session_info($r, $user, $password, @extra_data)
A stub method that you may want to override in a subclass.
This method returns extra fields to add to the session key.
It should return a string consisting of ":field1:field2:field3"
lib/Apache2/AuthCookieDBI.pm view on Meta::CPAN
=head1 DATABASE SCHEMAS
For this module to work, the database tables must be laid out at least somewhat
according to the following rules: the user field must be a UNIQUE KEY
so there is only one row per user; the password field must be NOT NULL. If
you're using MD5 passwords the password field must be 32 characters long to
allow enough space for the output of md5_hex(). If you're using crypt()
passwords you need to allow 13 characters. If you're using sha256_hex()
then you need to allow for 64 characters, for sha384_hex() allow 96 characters,
and for sha512_hex() allow 128.
An minimal CREATE TABLE statement might look like:
CREATE TABLE users (
user VARCHAR(16) PRIMARY KEY,
password VARCHAR(32) NOT NULL
)
For the groups table, the access table is actually going to be a join table
between the users table and a table in which there is one row per group
if you have more per-group data to store; if all you care about is group
Apache2-AuthCookieDBImg
view release on metacpan or search on metacpan
lib/Apache2/AuthCookieDBImg.pm view on Meta::CPAN
PerlSetVar WhatEverDBI_DSN "DBI:mysql:database=test"
PerlSetVar WhatEverDBI_SecretKey "489e5eaad8b3208f9ad8792ef4afca73598ae666b0206a9c92ac877e73ce835c"
# These are optional, the module sets sensible defaults.
PerlSetVar WhatEverDBI_User "nobody"
PerlSetVar WhatEverDBI_Password "password"
PerlSetVar WhatEverDBI_UsersTable "users"
PerlSetVar WhatEverDBI_UserField "user"
PerlSetVar WhatEverDBI_PasswordField "password"
PerlSetVar WhatEverDBI_CryptType "none"
PerlSetVar WhatEverDBI_GroupsTable "groups"
PerlSetVar WhatEverDBI_GroupField "grp"
PerlSetVar WhatEverDBI_GroupUserField "user"
lib/Apache2/AuthCookieDBImg.pm view on Meta::CPAN
=head1 DESCRIPTION
This module is an authentication handler that uses the basic mechanism provided
by Apache2::AuthCookie with a DBI database for ticket-based protection. It
is based on two tokens being provided, a username and password, which can
be any strings (there are no illegal characters for either). The username is
used to set the remote user as if Basic Authentication was used.
On an attempt to access a protected location without a valid cookie being
provided, the module prints an HTML login form (produced by a CGI or any
other handler; this can be a static file if you want to always send people
to the same entry page when they log in). This login form has fields for
username and password. On submitting it, the username and password are looked
up in the DBI database. The supplied password is checked against the password
in the database; the password in the database can be plaintext, or a crypt()
or md5_hex() checksum of the password. If this succeeds, the user is issued
a ticket. This ticket contains the username, an issue time, an expire time,
and an MD5 checksum of those and a secret key for the server. It can
optionally be encrypted before returning it to the client in the cookie;
encryption is only useful for preventing the client from seeing the expire
time. If you wish to protect passwords in transport, use an SSL-encrypted
connection. The ticket is given in a cookie that the browser stores.
After a login the user is redirected to the location they originally wished
to view (or to a fixed page if the login "script" was really a static file).
lib/Apache2/AuthCookieDBImg.pm view on Meta::CPAN
is the third var.
Your login form should set the 2 required fields for ALL AuthCookieDBI
login forms:
Your login ID: <input type="text" name="credential_0" value="">
Your password: <input type="password" name="credential_1" value="">
PLUS two additional fields for image processing:
The image says: <input type="text" name="credential_2" value="">
<input type="hidden" name="credential_3" value="a_random_key">
lib/Apache2/AuthCookieDBImg.pm view on Meta::CPAN
The user to log into the database as. This is not required and
defaults to undef.
=item C<WhatEverDBI_Password>
The password to use to access the database. This is not required
and defaults to undef.
Make sure that the Perl environment variables are
not publically available, for example via the /perl-status handler since the
password could be exposed.
=item C<WhatEverDBI_UsersTable>
The table that user names and passwords are stored in. This is not
required and defaults to 'users'.
=item C<WhatEverDBI_UserField>
The field in the above table that has the user name. This is not
required and defaults to 'user'.
=item C<WhatEverDBI_PasswordField>
The field in the above table that has the password. This is not
required and defaults to 'password'.
=item C<WhatEverDBI_CryptType>
What kind of hashing is used on the password field in the database. This can
be 'none', 'crypt', or 'md5'. This is not required and defaults to 'none'.
=item C<WhatEverDBI_GroupsTable>
The table that has the user / group information. This is not required and
lib/Apache2/AuthCookieDBImg.pm view on Meta::CPAN
=item C<WhatEverDBI_EncryptionType>
What kind of encryption to use to prevent the user from looking at the fields
in the ticket we give them. This is almost completely useless, so don''t
switch it on unless you really know you need it. It does not provide any
protection of the password in transport; use SSL for that. It can be 'none',
'des', 'idea', 'blowfish', or 'blowfish_pp'.
This is not required and defaults to 'none'.
=item C<WhatEverDBI_SessionLifetime>
lib/Apache2/AuthCookieDBImg.pm view on Meta::CPAN
_log_not_set $r, 'DBI_SecretKey';
return undef;
}
$c{ DBI_user } = _dir_config_var( $r, 'DBI_User' ) || undef;
$c{ DBI_password } = _dir_config_var( $r, 'DBI_Password' ) || undef;
$c{ DBI_userstable } = _dir_config_var( $r, 'DBI_UsersTable' ) || 'users';
$c{ DBI_userfield } = _dir_config_var( $r, 'DBI_UserField' ) || 'user';
$c{ DBI_passwordfield } = _dir_config_var( $r, 'DBI_PasswordField' ) || 'password';
$c{ DBI_crypttype } = _dir_config_var( $r, 'DBI_CryptType' ) || 'none';
$c{ DBI_groupstable } = _dir_config_var( $r, 'DBI_GroupsTable' ) || 'groups';
$c{ DBI_groupfield } = _dir_config_var( $r, 'DBI_GroupField' ) || 'grp';
$c{ DBI_groupuserfield } = _dir_config_var( $r, 'DBI_GroupUserField' ) || 'user';
$c{ DBI_imgtable } = _dir_config_var( $r, 'DBI_ImgTable' ) || '';
lib/Apache2/AuthCookieDBImg.pm view on Meta::CPAN
unless ( $user =~ /^.+$/ ) {
$r->log_error( "Apache2::AuthCookieDBI: no username supplied for auth realm $auth_name", $r->uri );
return undef;
}
# Password goes in credential_1
my $password = shift @credentials;
unless ( $password =~ /^.+$/ ) {
$r->log_error( "Apache2::AuthCookieDBI: no password supplied for auth realm $auth_name", $r->uri );
return undef;
}
# CSA Patch - Use global var
# needed later for authen_sess_key
lib/Apache2/AuthCookieDBImg.pm view on Meta::CPAN
@Extra_Data = @credentials;
# get the configuration information.
my %c = _dbi_config_vars $r;
# get the crypted password from the users database for this user.
my $dbh = DBI->connect( $c{ DBI_DSN },
$c{ DBI_user }, $c{ DBI_password } );
unless ( defined $dbh ) {
$r->log_error( "Apache2::AuthCookieDBI: couldn't connect to $c{ DBI_DSN } for auth realm $auth_name", $r->uri );
return undef;
}
my $sth = $dbh->prepare( <<"EOS" );
SELECT $c{ DBI_passwordfield }
FROM $c{ DBI_userstable }
WHERE $c{ DBI_userfield } = ?
EOS
$sth->execute( $user );
# CSA Patch - No need to add array overhead when fetching a single field
# my( $crypted_password ) = $sth->fetchrow_array;
my $crypted_password = $sth->fetchrow;
unless ( defined $crypted_password ) {
$r->log_error( "Apache2::AuthCookieDBI: couldn't select password from $c{ DBI_DSN }, $c{ DBI_userstable }, $c{ DBI_userfield } for user $user for auth realm $auth_name", $r->uri );
return undef;
}
# now return unless the passwords match.
if ( lc $c{ DBI_crypttype } eq 'none' ) {
unless ( $password eq $crypted_password ) {
$r->log_error( "Apache2::AuthCookieDBI: plaintext passwords didn't match for user $user for auth realm $auth_name", $r->uri );
return undef;
}
} elsif ( lc $c{ DBI_crypttype } eq 'crypt' ) {
my $salt = substr $crypted_password, 0, 2;
unless ( crypt( $password, $salt ) eq $crypted_password ) {
$r->log_error( "Apache2::AuthCookieDBI: crypted passwords didn't match for user $user for auth realm $auth_name", $r->uri );
return undef;
}
} elsif ( lc $c{ DBI_crypttype } eq 'md5' ) {
unless ( md5_hex( $password ) eq $crypted_password ) {
$r->log_error( "Apache2::AuthCookieDBI: MD5 passwords didn't match for user $user for auth realm $auth_name", $r->uri );
return undef;
}
}
# CSA Patch - New gen_key function for activity reset
lib/Apache2/AuthCookieDBImg.pm view on Meta::CPAN
# If we're using a session module, check that their session exist.
if ( defined $c{ DBI_sessionmodule } ) {
my %session;
my $dbh = DBI->connect( $c{ DBI_DSN },
$c{ DBI_user }, $c{ DBI_password } );
unless ( defined $dbh ) {
$r->log_error( "Apache2::AuthCookieDBImg: couldn't connect to $c{ DBI_DSN } for auth realm $auth_name", $r->uri );
return undef;
}
eval {
lib/Apache2/AuthCookieDBImg.pm view on Meta::CPAN
#---- CSA :: NEW 2.03 Session Stuff
# If we are using sessions, we create a new session for this login.
my $session_id = '';
if ( defined $c{ DBI_sessionmodule } ) {
my $dbh = DBI->connect( $c{ DBI_DSN },
$c{ DBI_user }, $c{ DBI_password } );
unless ( defined $dbh ) {
$r->log_error( "Apache2::AuthCookieDBI: couldn't connect to $c{ DBI_DSN } for auth realm $auth_name", $r->uri );
return undef;
}
lib/Apache2/AuthCookieDBImg.pm view on Meta::CPAN
my $user = $r->user;
# See if we have a row in the groups table for this user/group.
my $dbh = DBI->connect( $c{ DBI_DSN },
$c{ DBI_user }, $c{ DBI_password } );
unless ( defined $dbh ) {
$r->log_error( "Apache2::AuthCookieDBImg: couldn't connect to $c{ DBI_DSN } for auth realm $auth_name", $r->uri );
return undef;
}
lib/Apache2/AuthCookieDBImg.pm view on Meta::CPAN
=head1 DATABASE SCHEMAS
For this module to work, the database tables must be laid out at least somewhat
according to the following rules: the user field must be a primary key
so there is only one row per user; the password field must be NOT NULL. If
you're using MD5 passwords the password field must be 32 characters long to
allow enough space for the output of md5_hex(). If you're using crypt()
passwords you need to allow 13 characters.
An minimal CREATE TABLE statement might look like:
CREATE TABLE users (
user VARCHAR(16) PRIMARY KEY,
password VARCHAR(32) NOT NULL
)
For the groups table, the access table is actually going to be a join table
between the users table and a table in which there is one row per group
if you have more per-group data to store; if all you care about is group
Apache2-AuthCookieLDAP
view release on metacpan or search on metacpan
lib/Apache2/AuthCookieLDAP.pm view on Meta::CPAN
unless ($ldap_handler) {
$ldap_handler = NULL;
return $ldap_handler;
}
if ($binddn) { # bind with a dn/pass
my $msg = $ldap_handler->bind( $binddn, password => $bindpw );
$msg->code && $self->fatal( $r, $msg->error );
}
else { # anonymous bind
my $msg = $ldap_handler->bind();
$msg->code && $self->fatal( $r, $msg->error );
lib/Apache2/AuthCookieLDAP.pm view on Meta::CPAN
return $mesg->code ? 0 : $mesg->count;
}
sub ldap_check_user {
my ( $self, $r, $user, $password ) = @_;
return NULL unless $self->ldap($r);
my $base = $self->config( $r, C_BASE );
$base =~ s/%USER%/$user/;
my $mesg = $self->ldap($r)->bind( $base, password => $password );
return $mesg->is_error ? 0 : 1;
}
sub rlog {
lib/Apache2/AuthCookieLDAP.pm view on Meta::CPAN
return $expire_time < time ? 1 : 0;
}
sub authen_cred {
my ( $self, $r, $user, $password, @extra_data ) = @_;
my $auth_name = $r->auth_name;
my $remote_ip = $r->connection->remote_ip;
unless ($user) {
$DEBUG && $self->rlog( $r, "No username specified" );
return;
}
unless ($password) {
$DEBUG
&& $self->rlog( $r, "No password specified for user '$user'" );
return;
}
unless ( $self->ldap_search( $r, $user ) ) {
$DEBUG
&& $self->rlog( $r, "User '$user' is not found" );
return;
}
unless ( $self->ldap_check_user( $r, $user, $password ) ) {
$DEBUG
&& $self->rlog( $r, "Incorrect password for '$user'" );
return;
}
else {
$DEBUG
&& $self->rlog( $r, "Successful login for '$user' ($remote_ip)" );
lib/Apache2/AuthCookieLDAP.pm view on Meta::CPAN
PerlSetVar MyAuth_SecretKey OGheSWkT1ixd4V0DydSarLVevF77sSibMIoUaIYuQUqp2zvZIwbS4lyWhRTFUcHE
PerlSetVar MyAuth_SessionLifetime 00-24-00-00
PerlSetVar MyAuth_LDAPURI ldap://127.0.0.1
PerlSetVar MyAuth_Base uid=%USER%,ou=staff,dc=company,dc=com
PerlSetVar MyAuth_BindDN cn=ldap,dc=company,dc=com
PerlSetVar MyAuth_BindPW somepassword
PerlSetVar MyAuth_Filter (uid=%USER%)
<Directory /var/www/mysite/protected>
AuthType Apache2::AuthCookieLDAP
AuthName MyAuth
lib/Apache2/AuthCookieLDAP.pm view on Meta::CPAN
(ldapuri, base, binddn/bindpw or anonymous bind).
When there is an attempt to access a "protected" directory or location
that has 'require valid-user' option included Apache2::AuthCookieLDAP is used
as the authentication and the authorization handler. It takes a pair of
provided username/password and tries to search the username in the LDAP directory
(it also uses the filter MyAuth_Filter, for puropses where you want to restrict access
to the resource to only a specific group). If the user is found then it tries
to bind with the provided username/password. Once authorized a session key
is generated by taking into account the provided username, authorization time
and a hash generated by including a specific logic plus the user's IP address.
Upon completion the session data is encrypted with the secret key (MyAuth_SecretKey)
and the according cookie is generated by Apache2::AuthCookie.
All the following requests to the protected resource take the cookie (if exists)
lib/Apache2/AuthCookieLDAP.pm view on Meta::CPAN
Example: cn=ldap,dc=company,dc=com
=item C<MyAuth_BindPW> [optional]
If you BindDN then you most likely want to specify
a password here to bind with.
=item C<MyAuth_Cipher> [optinal, default: 'des']
An encryption method used for the session key.
lib/Apache2/AuthCookieLDAP.pm view on Meta::CPAN
=head2 ldap_search($r, $user)
Performs Net::LDAP->search(base => $base, scope => 'base', filter => $filter)
and returns '1' if the specified $user is found or otherwise '0'.
=head2 ldap_check_user($r, $user, $password)
Performs Net::LDAP->bind($base, password => $password).
(%USER% is replaced by $user in $base)
=head2 rlog($r, $msg)
lib/Apache2/AuthCookieLDAP.pm view on Meta::CPAN
=head2 check_expire_time($r, $session_time)
Checks the provided session time (unixtime) with the current time
and returns '0' if the session time is still valid or '1' if passed.
=head2 authen_cred($r, $user, $password, @extra_data)
This is the overridden method of Apache::AuthCookie and is used to
authenticate $user with the provided $password
Returns the encrypted session key in case of successfull authentication.
Please follow to Apache2::AuthCookie if you need more information about the method.
Apache2-AuthNetLDAP
view release on metacpan or search on metacpan
AuthNetLDAP.pm view on Meta::CPAN
#handles Apache requests
sub handler
{
my $r = shift;
my ($result, $password) = $r->get_basic_auth_pw;
return $result if $result;
# change based on version of mod_perl
my $user = $r->user;
AuthNetLDAP.pm view on Meta::CPAN
## Parse $name's with Domain\Username
if ($user =~ m|(\w+)[\\/](.+)|) {
($domain,$user) = ($1,$2);
}
if ($password eq "") {
$r->note_basic_auth_failure;
$r->log_error("user $user: no password supplied",$r->uri);
return Apache2::Const::HTTP_UNAUTHORIZED;
}
my $ldap = new Net::LDAP($ldapserver, port => $ldapport);
AuthNetLDAP.pm view on Meta::CPAN
my $mesg;
#initial bind as user in Apache config
if ($bindpwd ne "")
{
$mesg = $ldap->bind($binddn, password=>$bindpwd);
}
else
{
$mesg = $ldap->bind();
}
AuthNetLDAP.pm view on Meta::CPAN
if ( $pwattr ne "" )
{
my $altfieldvalue = $entry->get_value ( $pwattr );
$altfieldvalue =~ s/^\s+//;
$altfieldvalue =~ s/\s+$//;
if ($altfieldvalue eq $password)
{
return Apache2::Const::OK;
}
else
{
AuthNetLDAP.pm view on Meta::CPAN
}
}
}
else
{
$mesg = $ldap->bind($entry->dn(),password=>$password);
}
if (my $error = $mesg->code())
{
$r->note_basic_auth_failure;
$r->log_error("user $user: failed bind: $error",$r->uri);
return Apache2::Const::HTTP_UNAUTHORIZED;
}
my $error = $mesg->code();
my $dn = $entry->dn();
# $r->log_error("AUTHDEBUG user $dn:$password bind: $error",$r->uri);
return Apache2::Const::OK;
}
# Autoload methods go after =cut, and are processed by the autosplit program.
AuthNetLDAP.pm view on Meta::CPAN
AuthName "LDAP Test Auth"
AuthType Basic
#only set the next two if you need to bind as a user for searching
#PerlSetVar BindDN "uid=user1,ou=people,o=acme.com" #optional
#PerlSetVar BindPWD "password" #optional
PerlSetVar BaseDN "ou=people,o=acme.com"
PerlSetVar LDAPServer ldap.acme.com
PerlSetVar LDAPPort 389
#PerlSetVar UIDAttr uid
PerlSetVar UIDAttr mail
#PerlSetVar AlternatePWAttribute alternateAttribute
#PerlSetVar SearchScope base | one | sub # default is sub
#PerlSetVar LDAPFilter "(&(course=CSA)(class=A))" #optional
# Set if you want to encrypt communication with LDAP server
# and avoid sending clear text passwords over the network
PerlSetVar UseStartTLS yes | no
# Set if you want to allow an alternate method of authentication
PerlSetVar AllowAlternateAuth yes | no
AuthNetLDAP.pm view on Meta::CPAN
Used to set initial LDAP user.
=item PerlSetVar BindPWD
Used to set initial LDAP password.
=item PerlSetVar BaseDN
This sets the search base used when looking up a user in an LDAP server.
AuthNetLDAP.pm view on Meta::CPAN
The attribute used to lookup the user.
=item PerlSetVar AlternatePWAttribute
The an alternate attribute with which the $password will be tested.
This allows you to test with another attribute, instead of just
trying to bind the userdn and password to the ldap server.
If this option is used, then a BindDN and BindPWD must be used for the
initial bind.
=item PerlSetVar AllowAlternateAuth
AuthNetLDAP.pm view on Meta::CPAN
(&(&(course=41300)(year=3)(classCode=Y))(uid=nicku))
This will then allow nicku access only if nicku's LDAP entry has the
attribute course equal to 41300, the attribute year equal to 3, and
attribute classCode equal to Y. And of course, if the password is
correct. This may be useful for restricting access to a group of
users in a large directory, e.g., at a university.
=item PerlSetVar UseStartTLS
Optional; can be yes or no. If yes, will fail unless can start a TLS
encrypted connection to the LDAP server before sending passwords over
the network. Note that this requires that the optional module
IO::Socket::SSL is installed; this depends on Net::SSLeay, which
depends on openssl. Of course, the LDAP server must support Start TLS
also.
AuthNetLDAP.pm view on Meta::CPAN
AuthName "LDAP Test Auth"
AuthType Basic
#only set the next two if you need to bind as a user for searching
#PerlSetVar BindDN "uid=user1,ou=people,o=acme.com" #optional
#PerlSetVar BindPWD "password" #optional
PerlSetVar BaseDN "ou=people,o=acme.com"
PerlSetVar LDAPServer ldap.acme.com
PerlSetVar LDAPPort 389
PerlSetVar UIDAttr uid
PerlSetVar UseStartTLS yes # Assuming you installed IO::Socket::SSL, etc.
( run in 1.029 second using v1.01-cache-2.11-cpan-49f99fa48dc )